Overview

overview

10

Static

static

3

b6e9bae1e8...fN.exe

windows7-x64

10

b6e9bae1e8...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6e9bae1e8d0ed7bfb50b07bfbe29045d84be405849f0fe30f1a2fc6f337dacfN

  • Size

    320KB

  • Sample

    241031-j66g2awlej

  • MD5

    5f3fce0b4e4cb7cde6cf55e2937e2100

  • SHA1

    5837640a94d68fbb3f09b9314e13454536b65a68

  • SHA256

    b6e9bae1e8d0ed7bfb50b07bfbe29045d84be405849f0fe30f1a2fc6f337dacf

  • SHA512

    64add970e22e55afc213380224b9b64969650aab3960ed8e55b194eec1ba84349a53a04a7085eb3179011c4399b16d7e120a4b1e1cf4d520cda63b20d1651f25

  • SSDEEP

    6144:36fuQJUCFmEdeYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTf:3MuIdeYr75lTefkY660fIaDZkY660f

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b6e9bae1e8d0ed7bfb50b07bfbe29045d84be405849f0fe30f1a2fc6f337dacfN

    • Size

      320KB

    • MD5

      5f3fce0b4e4cb7cde6cf55e2937e2100

    • SHA1

      5837640a94d68fbb3f09b9314e13454536b65a68

    • SHA256

      b6e9bae1e8d0ed7bfb50b07bfbe29045d84be405849f0fe30f1a2fc6f337dacf

    • SHA512

      64add970e22e55afc213380224b9b64969650aab3960ed8e55b194eec1ba84349a53a04a7085eb3179011c4399b16d7e120a4b1e1cf4d520cda63b20d1651f25

    • SSDEEP

      6144:36fuQJUCFmEdeYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTf:3MuIdeYr75lTefkY660fIaDZkY660f

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks